From fae1804fb1c0ccfcbb0d289200222852badc0ca5 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 24 Feb 2026 15:41:30 +0100
Subject: [PATCH] Code review: SignInLive locale fallback, single root + id,
 CSS scoped to #sign-in-page, remove or-hack, refresh oidc_configured after
 save, tests assert English only

---
 assets/css/app.css                            | 25 +++-------
 lib/mv_web/live/auth/sign_in_live.ex          | 46 +++++++++----------
 lib/mv_web/live/global_settings_live.ex       |  5 +-
 .../controllers/auth_controller_test.exs      |  8 ++--
 4 files changed, 33 insertions(+), 51 deletions(-)

diff --git a/assets/css/app.css b/assets/css/app.css
index 1d82f73..bbe7424 100644
--- a/assets/css/app.css
+++ b/assets/css/app.css
@@ -370,36 +370,23 @@
 }
 
 /* Sign-in: hide SSO button and "or" divider when OIDC is not configured.
-   Use .divider (DaisyUI HorizontalRule) because LiveView does not set id on component root. */
-[data-oidc-configured="false"] [id*="oidc"] {
+   Scoped to #sign-in-page to avoid hiding unrelated elements. */
+#sign-in-page[data-oidc-configured="false"] [id*="oidc"] {
   display: none !important;
 }
-[data-oidc-configured="false"] a[href*="oidc"] {
+#sign-in-page[data-oidc-configured="false"] a[href*="oidc"] {
   display: none !important;
 }
-[data-oidc-configured="false"] .divider {
+#sign-in-page[data-oidc-configured="false"] .divider {
   display: none !important;
 }
 
 /* Sign-in: when OIDC-only mode is on, hide password form and "or" divider (show only SSO). */
-[data-oidc-configured="true"][data-oidc-only="true"] [id*="password"] {
+#sign-in-page[data-oidc-configured="true"][data-oidc-only="true"] [id*="password"] {
   display: none !important;
 }
-[data-oidc-configured="true"][data-oidc-only="true"] .divider {
+#sign-in-page[data-oidc-configured="true"][data-oidc-only="true"] .divider {
   display: none !important;
 }
 
-/* Sign-in: show "oder" instead of "or" when locale is German (override is compile-time only).
-   Target div.contents so ::after has a box (span may have display:contents). */
-[data-locale="de"] .divider div.contents {
-  display: block !important;
-}
-[data-locale="de"] .divider div.contents > span {
-  font-size: 0;
-}
-[data-locale="de"] .divider div.contents::after {
-  content: "oder";
-  font-size: 1rem;
-}
-
 /* This file is for your main application CSS */
diff --git a/lib/mv_web/live/auth/sign_in_live.ex b/lib/mv_web/live/auth/sign_in_live.ex
index 5d2a0dc..aa0d640 100644
--- a/lib/mv_web/live/auth/sign_in_live.ex
+++ b/lib/mv_web/live/auth/sign_in_live.ex
@@ -18,8 +18,10 @@ defmodule MvWeb.SignInLive do
       session
       |> Map.get("overrides", [AshAuthentication.Phoenix.Overrides.Default])
 
-    # Locale from session (set by set_locale plug / LiveUserAuth); default "de"
-    locale = session["locale"] || "de"
+    # Locale: same fallback as LiveUserAuth so config :default_locale (e.g. "en" in test) is respected
+    locale =
+      session["locale"] || Application.get_env(:mv, :default_locale, "de")
+
     Gettext.put_locale(MvWeb.Gettext, locale)
 
     socket =
@@ -53,12 +55,13 @@ defmodule MvWeb.SignInLive do
   def render(assigns) do
     ~H"""
     <div
+      id="sign-in-page"
       class={@root_class}
       data-oidc-configured={to_string(@oidc_configured)}
       data-oidc-only={to_string(@oidc_only)}
       data-locale={@locale}
     >
-      <%!-- Language selector: use @locale from socket (set by LiveUserAuth) so selection matches actual locale --%>
+      <%!-- Language selector --%>
       <nav
         aria-label={dgettext("auth", "Language selection")}
         class="absolute top-4 right-4 flex justify-end z-10"
@@ -77,28 +80,21 @@ defmodule MvWeb.SignInLive do
         </form>
       </nav>
 
-      <div
-        class={@root_class}
-        data-oidc-configured={to_string(@oidc_configured)}
-        data-oidc-only={to_string(@oidc_only)}
-        data-locale={@locale}
-      >
-        <.live_component
-          module={Components.SignIn}
-          otp_app={@otp_app}
-          live_action={@live_action}
-          path={@path}
-          auth_routes_prefix={@auth_routes_prefix}
-          resources={@resources}
-          reset_path={@reset_path}
-          register_path={@register_path}
-          id={@sign_in_id}
-          overrides={@overrides}
-          current_tenant={@current_tenant}
-          context={@context}
-          gettext_fn={@gettext_fn}
-        />
-      </div>
+      <.live_component
+        module={Components.SignIn}
+        otp_app={@otp_app}
+        live_action={@live_action}
+        path={@path}
+        auth_routes_prefix={@auth_routes_prefix}
+        resources={@resources}
+        reset_path={@reset_path}
+        register_path={@register_path}
+        id={@sign_in_id}
+        overrides={@overrides}
+        current_tenant={@current_tenant}
+        context={@context}
+        gettext_fn={@gettext_fn}
+      />
     </div>
     """
   end
diff --git a/lib/mv_web/live/global_settings_live.ex b/lib/mv_web/live/global_settings_live.ex
index a55edf6..752c8d6 100644
--- a/lib/mv_web/live/global_settings_live.ex
+++ b/lib/mv_web/live/global_settings_live.ex
@@ -34,8 +34,8 @@ defmodule MvWeb.GlobalSettingsLive do
   def mount(_params, session, socket) do
     {:ok, settings} = Membership.get_settings()
 
-    # Get locale from session for translations
-    locale = session["locale"] || "de"
+    # Get locale from session; same fallback as router/LiveUserAuth (respects config :default_locale in test)
+    locale = session["locale"] || Application.get_env(:mv, :default_locale, "de")
     Gettext.put_locale(MvWeb.Gettext, locale)
 
     socket =
@@ -407,6 +407,7 @@ defmodule MvWeb.GlobalSettingsLive do
           |> assign(:settings, fresh_settings)
           |> assign(:vereinfacht_api_key_set, present?(fresh_settings.vereinfacht_api_key))
           |> assign(:oidc_client_secret_set, present?(fresh_settings.oidc_client_secret))
+          |> assign(:oidc_configured, Mv.Config.oidc_configured?())
           |> assign(:vereinfacht_test_result, test_result)
           |> put_flash(:info, gettext("Settings updated successfully"))
           |> assign_form()
diff --git a/test/mv_web/controllers/auth_controller_test.exs b/test/mv_web/controllers/auth_controller_test.exs
index c75364b..f31327c 100644
--- a/test/mv_web/controllers/auth_controller_test.exs
+++ b/test/mv_web/controllers/auth_controller_test.exs
@@ -25,7 +25,7 @@ defmodule MvWeb.AuthControllerTest do
     # Create unauthenticated conn for this test
     conn = build_unauthenticated_conn(authenticated_conn)
     conn = get(conn, ~p"/sign-in")
-    assert html_response(conn, 200) =~ "Sign in" or html_response(conn, 200) =~ "Anmelden"
+    assert html_response(conn, 200) =~ "Sign in"
   end
 
   test "GET /sign-out redirects to home", %{conn: authenticated_conn} do
@@ -82,8 +82,7 @@ defmodule MvWeb.AuthControllerTest do
       )
       |> render_submit()
 
-    assert html =~ "Email or password was incorrect" or
-             html =~ "Email oder Passwort nicht korrekt"
+    assert html =~ "Email or password was incorrect"
   end
 
   test "password user with non-existent email shows error via LiveView", %{
@@ -101,8 +100,7 @@ defmodule MvWeb.AuthControllerTest do
       )
       |> render_submit()
 
-    assert html =~ "Email or password was incorrect" or
-             html =~ "Email oder Passwort nicht korrekt"
+    assert html =~ "Email or password was incorrect"
   end
 
   # Registration (LiveView)